Promoting a Windows 2012R2 Server to Domain Controller

Once a Windows 2012 or Windows 2012R2 has had the Active Directory Domain Services role installed, the domain controller must be promoted to a domain controller. This article outlines the steps needed to add a domain controller to an existing environment.

How to Promote a Windows 2012R2 Domain Controller

Post installation of the role, the option to promote a domain controller will be available. If Server Manager has been closed, it will need to be opened back up. To do this, right click on My Computer and select manage.

In the top right corner, a warning label will now appear next to the task details icon. Click on this icon and select Promote this server to a domain controller.

The Active Directory Domain Services Configuration Wizard will begin. In the example shown below, I am adding a new domain controller to an existing domain. In most cases, I use the Administrator account. However, in the example below, I am using an account that has the following three roles:

Domain Administrator

Enterprise Admin

Schema Admin

Note that depending on the scenario, you may be required to have only some or possibly all three of these roles to be able to complete the installation.

Since the new server being deployed is going to replace one of the primary domain controllers, both DNS and Global Catalog were selected. Additionally, I used a Directory Services Restore Mode (DSRM) password that did not match the domain administrator. Although this password can match the domain administrator, I chose not to use the same password for security purposes. Make sure this password is documented as this password can help gain access to an environment in the event that all domain administrator accounts lose access.

Since I was not using a parent zone, I got the following warning. In my case, I can ignore the warning as this will not affect whether the DNS feature gets installed.

On the next screen, Active Directory can replicate from any domain controller or a domain controller can be specified. In the screenshot shown below there have three domain controller listed. Since two of these will be decommissioned in the near future, the newest domain controller was selected.

All the AD DS database, log files and SYSVOL data was left at their default locations.

The next window will be a summary of all selected options. If anything needs to be adjusted, now would be the best time to do it.

Windows will perform a prerequisites check. If the user account used to promote the server does not have sufficient privileges (Schema Admin or Enterprise admin), then the installation will not be able to be completed. Either log onto another account that has the correct permissions or grant those permissions to the desired user and start over from the beginning of the promotion wizard.

For smaller, newer environments, the replication process will complete fairly quickly. In older and larger environments, it may take a bit of time to replicate AD DS.

Once the installation has been completed and the wizard has been closed out, the AD DS will reboot.